Mark Minasi's Windows Networking Tech Page
Issue #108 May 2013

Document copyright 2013 Mark Minasi; please see below for info on subscribing, unsubscribing or copying portions of this text.

What's Inside

  • News
    • Learn with My Seminars, Audio Recordings and More!
  • Tech Section
    • CHKDSK 2012:  Fear CHKDSK No More
  • Conferences
  • To Subscribe, Unsubscribe, Read Old Newsletters or Change Your Email Address

News

Hi all —

Last issue, I examined exactly what CHKDSK /F does (and has done since Windows 2000), and in particular what's going on with the automatic CHKDSK that we sometimes see at boot time.  Seeing that "I'm going to run CHKDSK" countdown presents server admins with a terrible choice.  On the one hand, if  we allow CHKDSK to do its scanning and fixing of a disk suspected to have troubles then we may avoid a catastrophic loss of data, which is great.  At the same time, however, that scan may take hours and hours... hours wherein that vital server is offline.  This month, I've got some good news on that front, at least for people running Windows 8 or Server 2012.  CHKDSK still must run at boot time to address a class of disk problems -- no change there -- but when it must fix the disk, the fix will usually just take a minute or two, rather than hours.  I think you'll find that some good news and I'll explain it in this newsletter but first, a word from our sponsor...

Don't Miss ITEdge Intersection!

Windows Server 2016 is coming, are you ready? Server 2016 and many other important topics are the focus of ITEdge Intersection at the MGM Grand in Las Vegas, Oct 25-29. Your favorite speakers are there, including Scott Guthrie, Brad Anderson, Jeffrey Snover and of course, Mark Minasi. Register today for the conference and a workshop and you can go home with an XBOX One S, Surface 3 table or MS Band 2. Register at www.itedgeintersection.com.

Bring Mark's Windows 10 Support Class and Our PowerShell Classes to Your Site

Mark has delivered his new "Deploying, Managing and Securing "the Last Windows: Working with Windows 10" class to nearly a dozen clients, and the reviews are uniformly great.  Designed for the Windows 7 support pro, this course tells you everything you need to know to support, deploy, or manage Windows 10 systems.  Fast-paced, lecture-based and entertaining, this course gives you the shortest path to Windows 10 expertise. Learn about Windows 10's completely new licensing approach.  See how to enable the new "parallel universe" security tools.  Discover the cloud-y new tools in Windows 10 like joining a system not to an Active Directory but instead to a cloud.  Find out what you can learn at our course outline at http://www.minasi.com/w10class.htm. 

To bring this class to your site, just drop us a line at assistant@minasi.com.

And while you're at it, are your folks PowerShell adepts?  There really isn't a productivity-enhancer available for Windows support people like PowerShell.  Bring Mark's "Learning PowerShell: Hands-On with AD, Networking, and More" class to your site and he'll make your command-line-hating techies into PowerShell fans.  Outline at http://www.minasi.com/Posh2day/. 

CHKDSK 2012:  Fear CHKDSK No More

So let's review: for many years, Windows has reacted to disk behavior that seems to presage serious data errors by telling CHKDSK, "start up in pre-boot time and give such-and-such drive a thorough scan and repair."  On the next boot, Windows halts the boot process early on and tells CHKDSK to do that scan and fix.  Even simply scanning a drive of common modern large drive takes a lot of time even on a drive without problems, leading to the "but I can't take that server offline for several housr!" problem.

2012's time-saving solution is, in retrospect, painfully obvious:

  • During normal working hours, run CHKDSK in the background a few times a day doing a simple non-invasive scan of your volumes.
  • When it comes across an area on the disk that seems troubled, it writes the location of that troubled area to a pair of new files named $corrupt and $verify and sets the "run CHKDSK at boot time" flag.  So far, no change.
  • When CHKDSK does do a pre-boot run, it needn't do a time-consuming scan, as it already knows where the problem areas are.  It need only read that "things to fix" file, and so can make the fixes in minutes, allowing a quick reboot and lets-get-to-work for your server.
  • That short version when it comes to CHKDSK in Server 2012 and Windows 8 is, then, is "do nothing, and when CHKDSK wants to run at boot time, let it."

Want more detail?  Here's the story of CHKDSK 2012.

Phase One:  Regular Scans, $Corrupt and $Verify

CHKDSK in the latest versions of Windows has a new option, "/scan."  It looks like

chkdsk c: /scan

You needn't probably ever run it, however, as Server 2012 and Windows 8 already have a prebuilt regular task called "ProActiveScan" that runs chkdsk /scan at least once a day.  You can get some information on that job by typing get-scheduledtask proactivescan | select *, but you won't see much -- it's some sort of prebuilt task whose internal structure is opaque to all of the Task Scheduler admin tools that I know of.

Chkdsk /scan does several things.  First, as its name suggests, it touches all of your disk, examining clusters and data structures to find problems early.  Second, chkdsk /scan will fix any minor errors that it can, right on the fly.  If you want /scan to run as non-invasively as is possible, add the option "/forceofflinefix" to keep /scan from doing even these small fixes.  /Scan runs in low priority, but if for some reason you want it to steal a bit more CPU and run in higher priority, add the option /perf, as in

chkdsk e: /scan /perf /forceofflinefix

When chkdsk /scan comes across a serious this-needs-a-dismount-to-fix sort of problem, it notes the location of the problem in one of two new files, $corrupt and $verify.  $corrupt contains the locations of definite problems, and $verify contains the locations of possible problems -- ones that will be easier to test and perhaps fix in an offline CHKDSK session.  As you'd guess, whenever CHKDSK /scan runs and must put anything in the $verify and/or $corrupt files, then it also schedules an offline CHKDSK session.  You can find out if CHKDSK has scheduled an offline session with the same chkntfs tool that I discussed in the previous newsletter.  You can also see the current state of $verify and $corrupt with some fsutil commands:

  • fsutil repair enumerate C: will display any records in $corrupt on the C: volume.
  • fsutil repair enumerate E: $verify displays any records in $verify on the E: volume.

Phase Two:  Fix, but Quickly

When called to do a pre-boot disk fixing session, CHKDSK knows not to scan and just to fix with the $corrupt and $verify info because it's called with a new option, /spotfix, as in

chkdsk c: /spotfix

That takes the volume in question offline, handles the fixes and terminates.

What was the long part of the story becomes quite short in 8/2012.  You may recall that pre-2012 versions of Windows showed a 30 second countdown before running CHKDSK.  In 2012, that timeout wait goes to one second for Windows 8 and 10 seconds for Server 2012, so if for some reason you want to bump it back up to where it was before, open an elevated command prompt and type

chkntfs /t:30

As ten seconds is kind of quick, you might miss the pre-boot CHKDSK session altogether.  You can see what CHKDSK has been up to by searching the System event log for error, critical or warning events from source "Ntfs (Microsoft-Windows-Ntfs)."  You can do that by creating a filter in the Event Viewer like so:

  • In the Event Viewer's left-hand pane, right-click Custom Views.
  • Click "Create custom view."
  • That raises a dialog named "Create Custom View."
  • Check the boxes next to "Event level:" labeled "Critical," "Warning," and "Error."
  • Click the radio button below that named "By source  Event sources:"
  • Click the drop-down to the right of "Event sources:"
  • Press "n" to get you to the "n's" in the long list of sources.  Then scroll down to "NTFS (Microsoft-Windows-Ntfs)" and check that.
  • Click the "OK" button at the bottom of the dialog.
  • You'll now have a dialog labeled "Save Filter to Custom View."  Give it a name like "NTFS errors" and OK, and you'll have a new custom view that will grab all of the NTFS errors.

Now, that's all of the NTFS errors.  You can refine that further by right-clicking on your new custom view, choose "Find" and you can then enter some text to search.  Type in "chkdsk" and you'll get just the NTFS errors that name CHKDSK.

All in all, this "kindler, gentler CHKDSK" has to be one of Windows 8 and Server 2012's best "quiet" new features.

Upcoming Conferences


  • I will be keynoting the free Tampa IT Pro Camp 2016 on 20 August 2016. Great speakers, sign up now to learn great stuff from some terrific speakers.  https://www.eventbrite.com/e/tampa-it-pro-camp-2016-tickets-24569378673 and tell 'em Mark sent you.
  • I will be presenting at IT/Dev Connections in Vegas the week of 10 October. Http://www.itdevconnections.com/dc16/Public/Enter.aspx for more info.
  • I will also be speaking at the Intersection show also in Vegas the week of 24 October.  Visit https://next.devintersection.com for more info. 
  • December TechMentor is in Orlando this year and I'm keynoting about Server 2016. https://techmentorevents.com/Home.aspx for all the scoop!
I hope to see some of you at one of these shows!

To Subscribe, Read Old Newsletters, Send Me a Comment or Change Your Email Address

To subscribe: (which just means I'll send you about a three-tweet-sized message in plain text via email including a link to my latest newsletter), please visit http://www.minasi.com/nwsreg.htm.

To change e-mail or other info, drop me a line (haven't figured out a secure method yet).

To read old newsletters: visit http://www.minasi.com/nwstoc.htm and, if you like 'em, please consider subscribing.

To send me a comment:  I'm at help@minasi.com.

All contents copyright 2013 Mark Minasi.  I encourage you to quote this material, so long as you include this entire document. Thanks very much for reading, and see you next time.